One of the main reasons Mirai, and indeed other botnets, are able to easily hijack such a large number of IoT devices is their use of default passwords.

Avoiding duplicated default or weak passwords is among the three highest-priority suggestions. The remaining two are:

Implementing a vulnerability disclosure policy with device manufacturers, app developers, and service providers.

Keeping software, including firmware, updated with security patches.

While the initial three suggestions may seem obvious, too often they're overlooked.

The next three are seen to be a high priority, but not to the extent of the first trio:

Store credentials and security-sensitive data securely.

Ensure personal data is protected and that "adequate industry-standard" encryption is applied to data in transit and at rest.

Validate input data so that it's "authorised and conforms to expectations".

There are 13 principles in total which span three pages of the paper. Other notable suggestions include:

Minimising potential attack surfaces.

Software should be verified with secure boot mechanisms.

Ensure systems are resilient to an outage.

Provide clear instructions to users with regard to personal data.

Monitor telemetry data for anomalies.

Make device installation and maintenance simple.

"We're releasing the Code of Practice for public consultation because we want to ensure that the expectations of all Australians are met regarding cybersecurity," said the Minister for Home Affairs, Peter Dutton.

"Along with our Five Eyes partners, we share the expectation that manufacturers should develop connected devices with security built-in by design."

Five Eyes is the intelligence-sharing relationship between Australia, New Zealand, the UK, Canada, and the US.

In July, Australia co-signed a Statement of Intent regarding IoT security with the other Five Eyes nations in London. The draft code "aligns with and builds upon" guidance provided by the UK earlier in the year.

You can submit your thoughts on the Code of Practice: Securing the Internet of Things for Consumers until March 1, 2020.